Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 15:12

    vharseko on master

    Update external dependency to h… (compare)

  • 15:12
    vharseko closed #402
  • 15:12
    vharseko closed #401
  • 15:12
    vharseko opened #403
  • 14:44
    lscorcia edited #401
  • 14:27
    lscorcia opened #402
  • 14:24
    lscorcia edited #401
  • 14:24
    lscorcia opened #401
  • 04:42

    dependabot[bot] on maven

    (compare)

  • 04:42

    maximthomas on master

    Bump xmlsec from 2.1.5 to 2.1.7… Merge pull request #400 from Op… (compare)

  • 04:42
    maximthomas closed #400
  • Sep 20 23:23
    dependabot[bot] labeled #400
  • Sep 20 23:23
    dependabot[bot] labeled #400
  • Sep 20 23:23
    dependabot[bot] opened #400
  • Sep 20 23:23

    dependabot[bot] on maven

    Bump xmlsec from 2.1.5 to 2.1.7… (compare)

  • Sep 17 13:24
    maximthomas closed #396
  • Sep 17 13:24
    maximthomas commented #396
  • Sep 16 09:32
    huyifei2016 starred OpenIdentityPlatform/OpenAM
  • Sep 14 12:09
    vharseko updated the wiki
    Home
  • Sep 14 12:05
    vharseko updated the wiki
    Home
Maciej Debowski
@maciekdeb
and at the same time ForgeRock started working on the closed version - thats why the versioning 5, 6, 6.5 appeared
vharseko
@vharseko
OpenAM Community v14 like FR AM v5
Nino
@ninobosteels_gitlab
hi !
how production ready do you think the docker image is ? https://hub.docker.com/r/openidentityplatform/openam
vharseko
@vharseko
we use in production
Nino
@ninobosteels_gitlab
just through docker or rather openshift?
and what's your experience with this image?
vharseko
@vharseko
used on docker and openshift
Nino
@ninobosteels_gitlab
used? in the past?
are you interested to discuss this in more detail?
vharseko
@vharseko
@ninobosteels_gitlab yes
Nino
@ninobosteels_gitlab
are you experienced in openAM management?
elvisbar
@elvisbar
Hi, I have an issue updating the AssertionIDRequestService location in the UI for a hosted IDP entity. I am using OpenAM community v14.2.2. anyone know where I can update the url for this property? Thanks
Christian
@spetix
hi everybody is there anybody expert of radius authentication module? My company needs to decode one more attribute and pass it "somehow" to post authentication modulue in order to use that as group name for user.. so question 1) how we can extend radius decoding? 2) how do we pass the new attribute along the chain to post authentication plugin?
vharseko
@vharseko
@spetix You can expand the number of incoming parameters in the authentication module: https://github.com/OpenIdentityPlatform/OpenAM/tree/master/openam-authentication/openam-auth-radius/src/main/java/com/sun/identity/authentication/modules/radius
@elvisbar uriAssertionIDRequest
Bill Major
@rwmajor2
I would like to have a Q&A forum, as I am new to OpenAM and trying to get it setup. is this room active?
Maxim Thomas
@maximthomas
Hi, yes, it is active. Do you have any questions?
barramandi
@barramandi
Hi, I did a load test comparing OpenAM 13.5/14.4.2 with plain username/password login (DataStore module) and found for 14.4.2, the login performance degrade gradually while it's constant for 13.5.
can see the comparison here https://drive.google.com/open?id=1Q1hrtevzvTdEufNrBh4YhA8TJjdJDxwW
vharseko
@vharseko
@barramandi please provide more info about test load script
barramandi
@barramandi
Here's the JMeter script https://drive.google.com/open?id=1EAI1-vwjlfOLAcSirbHQUwsUkPom-wh4
For the test, XUI is disabled for Login form (search for XUI under XML in ou=1.0,ou=iPlanetAuthService config store and change to false, restart Tomcat)
Christian
@spetix
shall i ask you why you're not publishing artifacts/sources in a maven repository?
vharseko
@vharseko
@barramandi thanks
vharseko
@vharseko
@barramandi can you create jastack PID from server process ?
kumar pravinchandra panchal
@kumar1801
Hi
barramandi
@barramandi
@vharseko found there's some token query to CTS causing all these slowdown, mainly under these two classes. https://github.com/OpenIdentityPlatform/OpenAM/blob/master/openam-core/src/main/java/com/iplanet/dpro/session/service/InternalSessionFactory.java (line 137/138) & https://github.com/OpenIdentityPlatform/OpenAM/blob/master/openam-server-auth-ui/src/main/java/com/sun/identity/authentication/UI/LoginViewBean.java (line 303)
prabhakar thopa
@pthopa
i used the openam docker image @https://hub.docker.com/r/openidentityplatform/openam/ to run openam as an openid provider.. but the id_token that i got back does not have the "nonce" attribute, which is causing my spring security client to fail the oauth login.. is there any configuration that needs to be turned on to get back the nonce attribute as part of the id_token? i verified that when making the authorize call, i am sending a nonce, which should be included in the id_token, but it is not..
vharseko
@vharseko
@pthopa https://github.com/OpenIdentityPlatform/OpenAM/issues?utf8=✓&q=nonce+
prabhakar thopa
@pthopa
@vharseko thanks
prabhakar thopa
@pthopa
@vharseko the docker image on dockerhub was last built 5 months ago and does not have the fix #198 you referenced.. does that mean i have to build the docker image locally if i need the fix?
Evgenyx82
@Evgenyx82
Does https://github.com/OpenIdentityPlatform/OpenAM compatible with https://github.com/ForgeRock/openamjs or https://github.com/ForgeRock/forgerock-javascript-sdk? I need javascript sdk, any suggestions?
Maxim Thomas
@maximthomas
@Evgenyx82 It should be, but we have not tested it yet
Stefano
@spontillo77

With OPENAM 14.4.2 I have the following exception when I try to add an OpenAM Identity Subject to a Policy:
'code'
com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [org.forgerock.i18n.LocalizedIllegalArgumentException: The provided value "xtauctionsALL" could not be parsed as a valid distinguished name because the last non-space character was part of the attribute name 'xtauctionsALL']
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:162)
at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:229)
at com.sun.identity.console.policy.SubjectOpViewBeanBase.handleBtnFilterRequest(SubjectOpViewBeanBase.java:484)
at com.sun.identity.console.policy.IdentitySubjectAddViewBean.handleBtnFilterRequest(IdentitySubjectAddViewBean.java:244)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)

I try with many groups names but the result is always the same

Wenjing Liu
@betterliuwj

Hey, with the latest and 14.5.1 OpenAM docker running, I always encounter this ERROR message when following the quickstart guide to setup basic openAM. 

ERROR: created internalAppSSOToken:WnEwa1lRRzhMakdvVzg1N3JCRUFBZz09MTabcdefgh==, authInitialized: false, SystemProperties.isServerMode(): true,  SystemProperties.get(AMADMIN_MODE): null
amSecurity:04/24/2020 04:10:24:823 AM UTC: Thread[http-nio-8080-exec-3,5,main]: TransactionId[7ac18dc5-ac86-41cb-b1f7-c29f500fd4d4-14]
ERROR: created internalAppSSOToken:YkVBNFphUXRUU2lkZ3FzNHJCRUabcdefghicyNA==, authInitialized: false, SystemProperties.isServerMode(): true,  SystemProperties.get(AMADMIN_MODE): null

Tho the UI browser page shows configuration successful created....But when I press Proceed to login, I got invalid token and the page just empty.....Checked the docker log, showing 

ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set
ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /usr/local/tomcat/ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
ESAPI: Not found in 'user.home' (/home/openam) directory: /home/openam/esapi/ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /usr/local/tomcat/validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/validation.properties
ESAPI: Not found in 'user.home' (/home/openam) directory: /home/openam/esapi/validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: validation.properties could not be loaded by any means. fail.. Caught java.lang.IllegalArgumentException; exception message was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
log4j:WARN No appenders could be found for logger (IntrusionDetector).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Any idea? Im using Docker for Mac...I noticed on the forcerock doc, it is said for macos, the web policy agent is not built for apache http server on macos. Is it related? Thanks

Maxim Thomas
@maximthomas
@betterliuwj Hi, it is not a critical message, it just notion for creating admin access token and does not affect functionality. You can see it in the source code:
https://github.com/OpenIdentityPlatform/OpenAM/blob/797192ba86247198fe512aad0e3095b1d1b62b2a/openam-core/src/main/java/com/sun/identity/security/AdminTokenAction.java#L306
Wenjing Liu
@betterliuwj
@maximthomas Thanks for your reply! I have sorted my issue out. It turned out that I needed to clear the browser session to fix the invalid token/session error message problem when trying to Proceed to login page. All good now :)
openam2020
@openam2020
Hello, I just deployed OpenAM-14.5.1.war into Tomcat on my Mac and went through the initial configuration setup (create new configuration). The setup completed successfully. I was then led to the login page. I provided the same username/password as I did during the setup but getting the Authentication Failed message. Any idea why?
openam2020
@openam2020
Figured it out. The issue was - I was using a browser window that disabled cookies.
Nicholas Sushkin
@nsushkin
Hi, everyone. What's the recommended version of Tomcat for OpenAM and JEE Agents? Would it work in the latest Tomcat 9, Tomcat 8.5? I think the latest FR version before fork was validated with 8.0, but that's getting old. Thanks.
Nicholas Sushkin
@nsushkin
Anybody running OpenAM in Tomcat 9, 8.5?
Maxim Thomas
@maximthomas
@nsushkin Hi, tested with Tomcat 8.5. Works great
1 reply
Aurelien
@CanalWood
Hello All,
I would like to upgrade our old release of OpenAM from 13.0 to the last release of OpenAM.
I've question about how to manage agent with our Docker Container App.
Could you explain how you use it?
Maxim Thomas
@maximthomas
@CanalWood
Hello, what do you mean about manage? What problem are you trying to solve?
Aurelien
@CanalWood
Hello @maximthomas,
My question is : How to configure the containers to add the Agent?
On my swarm I've many containers. What's the best solution to add Agent on my containers?
Use a proxy or add a container with httpd with the Agent conf or another solution?
Maxim Thomas
@maximthomas
@CanalWood have you looked at OpenIG? There is an a couple of articles about OpenIG on usage in our wiki:
https://github.com/OpenIdentityPlatform/OpenIG/wiki/How-To-Protect-Web-Services-with-OpenIG
https://github.com/OpenIdentityPlatform/OpenAM/wiki/How-to-Add-Authorization-and-Protect-Your-Application-With-OpenAM-and-OpenIG-Stack
Aurelien
@CanalWood
Oh! thanks @maximthomas , I will look this articles.
Rijndaal
@Rijndaal

Hi all!

I would like to use some REST api to perform simple tasks like getting session info from a cookie value, let say I would like to know if a cookie is valid or not.
I'm not sure which API to use since I have found 2 APIs and both seems to be broken; for example:

curl --request POST --header "Content-Type: application/json" --header "iPlanetDirectoryPro: AQIC5wM2LY4Sf...EAAjAz" https://oamsrv01.intranet.net:8443/oam/json/sessions/?_action=isActive&tokenId=AQIC5wM2...4MQACUzEAAjAz

and

curl --request POST --header "Content-Type: application/json" https://oamsrv01.intranet.net:8443/oam/json/sessions/AQIC5w...g4NzI3MjE4MQACUzEAAjAz*?_action=validate

returns code: 501, Not Implemented

instead, this call:

curl -X POST -H "Content-Type: application/json" -H "Accept-API-Version: protocol=1.0,resource=2.0" -H "iPlanetDirectoryPro: AQIC5wM2LY4S...QACUzEAAjAz" -d '{"tokenId" : "AQIC5wM2LY4S...QACUzEAAjAz"}' https://oamsrv01.intranet.net:8443/oam/json/realms/root/sessions?_action=getSessionProperties

return an empty json {}

We have OpenAM 14.5.1.

Can you help me? Is there a working api to do so in this version?
Moreover https://oamsrv01.intranet.net:8443/oam/XUI/#api/explorer/applications return a 404 and from the gui, clicking on "API explorer"
(this url: https://oamsrv01.intranet.net:8443/oam/#api/explorer) we get a page with a list API categories I suppose, but on the right, where I think should be some documentation, theres only a white box...
Is it a known problem or does it have to do with our theme modifications? I admit I have not tried a "vanilla" version of the 14.5.1 yet.

Thank you so much,
Marco

Jose Luis Villaverde Balsa
@josecho
Hello. I have created a standalone application, it is a rest service created with Spring boot (embedded tomcat server). Right now I have the jar and Postman's requests are working fine. This is part of a frontend migration, the front end that we must migrate (java applets) performs the authentication against the openAM server (ldap) with the intervention of an Apache server. Any idea how I can protect my rest service with openAM?